This is a Jenkins plug-in project that works with Kubernetes Secrets. This project includes some code from other projects:
- A Jenkins Credential plugin, available at: (http://wiki.jenkins-ci.org/display/JENKINS/Credentials+Plugin); and
- A Kubernetes plug-in, available at: https://github.com/jenkinsci/kubernetes-credentials-provider-plugin.
This plug-in will be useful if your organization uses Jenkins and uses Kubernetes, and wishes to read/store credentials in a secure way. Specifically, the Jenkins Credential sample above stores credentials on the local disk within an encrypted local text file. kubernetes-credentials-provider-plugin gets secrets from Kubernetes Secrets, but it does not store secrets. The kubernetes-credentials-provider-plugin also supports a limited number of credential types. This project, however, stores many kinds of credentials into Kubernetes Secrets. This project is intended to have more features than the samples above.
This plug-in requires Kubernetes and Jenkins to be set up and running. Specifically, the Jenkins instance must be running in a Kubernetes cluster. The user must configure a namespace where secrets are to be stored: create the namespace in Kubernetes, then place its name in a Jenkins environment variable named "NAMESPACE". The plug-in reads this variable.
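The setup described above, sketched as a Kubernetes manifest. This is an added example, not taken from this project: the namespace and service account names are hypothetical, and the verb list is an assumption because this README does not state which Secret operations the plug-in performs.

```yaml
# Added example; every name below is a hypothetical placeholder.
apiVersion: v1
kind: Namespace
metadata:
  name: jenkins-secrets        # namespace the plug-in will store Secrets in
---
# Role limited to Secret objects in that one namespace (no cluster-wide access).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-secret-store
  namespace: jenkins-secrets
rules:
  - apiGroups: [""]            # core API group, where Secrets live
    resources: ["secrets"]
    # Assumed verb set for reading and storing credentials; trim to what is used.
    verbs: ["get", "list", "watch", "create", "update", "delete"]
---
# Bind the Role to the service account the Jenkins pod runs as.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-secret-store
  namespace: jenkins-secrets
subjects:
  - kind: ServiceAccount
    name: jenkins              # assumed service account of the Jenkins pod
    namespace: jenkins         # assumed namespace Jenkins itself runs in
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-secret-store
# In the Jenkins container spec, expose the namespace to the plug-in:
#   env:
#     - name: NAMESPACE
#       value: jenkins-secrets
```

Using a namespaced Role rather than a ClusterRole keeps the Jenkins service account from reading Secrets in any other namespace.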
The installation, configuration and usability of a Jenkins plugin is well documented here: https://github.com/jenkinsci/credentials-plugin/tree/master/docs
This plug-in is installed, configured, and used in the same way.
Run
mvn clean package
to create the plugin .hpi file.
To install:
- Copy the resulting ./target/credentials.hpi file to the $JENKINS_HOME/plugins directory. Don't forget to restart Jenkins afterwards.
- Use the plugin management console (http://example.com:8080/pluginManager/advanced) to upload the hpi file. You have to restart Jenkins in order to find the plugin in the installed plugins list.
For testing, please follow the process below.
- Upload the plugin to the Jenkins instance running on kubernetes and check the end-to-end flow with respect to credentials.
- When you make any changes to the code, one of the scenarios to test is validating that the credentials/secrets persist even after a restart of the Jenkins instance.
- Some tests are already included in this repo, but there is more work to be done to increase code coverage. Contributions would be very welcome.
- Enablement of a custom domain feature separate from the default domain.
Copyright 2019 eBay Inc.
Author/Developer: Vasumathy Seenuvasan, Ravi Bukka, Murali Thirunagari
Use of this source code is governed by an MIT-style license that can be found in the LICENSE file or at https://opensource.org/licenses/MIT.
This project includes or modifies code from the open source project(s) listed in a NOTICE.md.